A. Installing IIS (IIS 6.0)
_____________________

This topic also lists the directories created on install, describes the IIS initial configuration backup, and briefly describes IIS optional components.

Important

To help minimize the attack surface of the server, IIS 6.0 is not installed on Windows Server 2003 by default. When you first install IIS 6.0, it is locked down — which means that only request handling for static Web pages is enabled, and only the World Wide Web Publishing Service (WWW service) is installed. None of the features that sit on top of IIS are turned on, including ASP, ASP.NET, CGI scripting, FrontPage® 2002 Server Extensions from Microsoft, and WebDAV publishing. If you do not enable these features, IIS returns a 404 error. You can enable these features through the Web Services Extensions node in IIS Manager. For more information about how to troubleshoot 404 errors and other issues, see Troubleshooting in IIS 6.0.

Microsoft strongly recommends installing IIS on an NTFS-formatted drive. NTFS is a more powerful and secure file system than FAT and FAT32. For more information, see Securing Files with NTFS Permissions.

Important

You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /user:Administrative_AccountName “mmc systemroot\system32\inetsrv\iis.msc”.

Procedures

To install IIS using the Configure Your Server Wizard

1.

From the Start menu, click Manage Your Server.

2.

Under Managing Your Server Roles, click Add or remove a role.

3.

Read the preliminary steps in the Configure Your Server Wizard and click Next.

For more information on the Configure Your Server Wizard, see “Configuring Your Server Wizard” in Windows Help.

To install IIS, add components, or remove components using Control Panel

1.

From the Start menu, click Control Panel.

2.

Double-click Add or Remove Programs.

3.

Click Add/Remove Windows Components.

4.

In the Components list box, click Application Server.

5.

Click Details.

6.

Click Internet Information Services Manager.

7.

Click Details to view the list of IIS optional components. For a detailed description of IIS optional components, see “Optional Components” in this topic.

8.

Select all optional components you wish to install.

Note

The World Wide Web PublishingService optional component includes important subcomponents like the Active Server Pages component and Remote Administration (HTML). To view and select these subcomponents, click World Wide Web Publishing Service and then click Details.

1.

Click OK until you are returned to the Windows Component Wizard.

2.

Click Next and complete the Windows Component Wizard.

Unattended Setup

To simplify the process of setting up IIS on multiple computers running a member of the Windows Server 2003 family, you can run setup unattended. To do this, create and use an answer file, which is a customized script that automatically answers the setup questions.

For information on how to create an answer file and to view a table of all IIS unattended setup parameters, see Appendix E: Unattended Setup.

IIS Directories

IIS installs the following directories:

•

\InetPub

•

systemroot\Help\IISHelp

•

systemroot\System32\InetSrv

•

systemroot\System32\InetSrv\MetaBack

These directories contain user content and cannot be moved. You can, however, select the location of your Wwwroot and Ftproot directories at installation by using a script during unattended setup. If you uninstall IIS, the IISHelp directory is removed. The InetPub and InetSrv directories remain on your computer.

Follow one of the procedures that are described in How to: Open IIS Manager topic to open IIS Manager. You can then create a virtual directory.

To create a virtual directory by using IIS Manager

In IIS Manager, expand the local computer and the Web site to which you want to add a virtual directory.

Right-click the site or folder in which you want to create the virtual directory, click New, and then click Virtual Directory.

In the Virtual Directory Creation Wizard, click Next.

In the Alias box, type a name for the virtual directory and then click Next. Choose a short name that is easy to type, because users type this name to access the Web site.

In the Path box, type or browse to the physical directory that contains the virtual directory, and then click Next.You can select an existing folder or create a new one to contain the content for the virtual directory.

Select the check boxes for the access permissions that you want to assign to the users.By default, the Read and Run Scripts check boxes are selected. These permissions enable you to run ASP.NET pages for many common scenarios. For more information, see the next section in this topic.

After creating a new virtual directory, you can configure security and authentication for the virtual directory. When you configure security, you specify permissions for an account or group. The following table shows the permissions settings that are available in IIS 5.0, IIS 5.1, and IIS 6.0.

Account or Group

Permissions

An account or group that is allowed to browse the site if you disabled anonymous authentication when you created the virtual directory.

Read & Execute

The account that is configured to access system resources for the ASP.NET current user context, such as the Network Service account (IIS 6.0) or the ASPNET account (IIS 5.0 and 5.1).

Read & ExecuteList Folder Contents

Read

Write

To configure security and authentication for a virtual directory

In IIS Manager, right-click node for the virtual directory that you want to configure, and then click Properties.

Click the Directory Security tab, and then in the Authentication and access control section, click Edit.

Select the check box for the authentication method or methods that you want to use for your virtual directory, and then click OK. By default, the Enable anonymous access and Windows Integrated Authentication check boxes are already selected.The two most common authentication scenarios are as follows:

Windows Integrated authentication for a local intranet site.

Forms authentication for an Internet or extranet site where users access the site through a firewall.

To configure authentication for an intranet or local development scenario, clear the Enable Anonymous access check box, and make sure that the Integrated Windows authentication check box is selected.

In Windows Explorer, open the parent folder of the folder that will contain the pages for the site. Right-click the folder and then click Sharing and Security.The Properties dialog box for the folder is displayed.

Click the Security tab.

In the Group or user names list, select a group or user name.

Note

To add a new group or user name, click Add, and then click the Locations button. Select the local computer name from the list and then click OK. Then type the account name that you want to add into the text box. After typing the name, click Check Names to verify the account name. Click OK to add the account.

In the Permissions list, select appropriate permissions for the group or user name.